[guardian-dev] new Tor identity "NEWNYM" with Orbot?

Hans-Christoph Steiner hans at guardianproject.info
Fri Jul 8 07:28:58 EDT 2016


Hey Sebastian,

I CC'ed the guardian-dev list.

To send a `kill -HUP`, you have to be root or the owner, so that's not
going to work for you.  Orbot does a NEWNYM when you spin the icon on
the main screen.  I don't think there is a public API for doing a
NEWNYM, but I suppose Orbot could support an Intent for doing that.  You
can also select the exit country via Orbot.

As for adding these to an API that any app can use, the implementation
would be easy, but thinking about the security and anonymity concerns is
the difficult part.

.hc


Sebastian Funke:
> Hi Hans,
> 
> yes please, that would be great. Dev-list means mailing-list?
> I also asked some related questions on stackoverflow tagged with
> Orbot/Tor/Netcipher.
> 
> And I realized now that the findProcessId() method is kind of
> deprecated and the verification of whether Orbot is installed works more
> stably via the Android package manager API.
> 
> I have some more problems whenever Orbot is not
> installed/started/bootstrapped...would be nice to see a working example
> for such cases.
> 
> Do you plan to extend the Orbot API / OrbotHelper with some more
> options? (Like trigger new circuit, other country, etc.)
> 
> Greetings,
> Sebastian
> 
> On 08.07.2016 at 09:23, Hans-Christoph Steiner wrote:
>>
>> Hey Sebastian, it would be better to have this discussion on our
>> guardian-dev list, since there are multiple people there that can help.
>>  Mind if I move it there?
>>
>> .hc
>>
>> Sebastian Funke:
>>> Short Update:
>>>
>>> The polipo error from my last email was, of course, because the
>>> destination IP was not reachable anymore from a public (Tor-) IP.
>>>
>>> The Tor PID parsing issue is probably a path issue:
>>> e.g. in TorServiceUtils.findProcessId(context):
>>>
>>> String dataPath = context.getFilesDir().getParentFile().getParentFile().getAbsolutePath();
>>> String command = dataPath + "/" + OrbotHelper.ORBOT_PACKAGE_NAME + "/app_bin/tor";
>>>
>>> command resolves for me to:
>>> /data/user/0/org.torproject.android/app_bin/tor
>>> (maybe because I installed Orbot.apk over adb shell in my emulator?)
>>>
>>> But findProcessIdWithPS(command) would expect this:
>>>
>>> /data/data/org.torproject.android/app_bin/tor
>>>
>>> Using findProcessIdWithPS like this:
>>>
>>> findProcessIdWithPS(OrbotHelper.ORBOT_PACKAGE_NAME + "/app_bin/tor")
>>>
>>> might fix the problem...
>>>
>>> Also, I'm trying to achieve a programmatic Tor circuit refresh with
>>> netcipher right now; I created a stackoverflow question:
>>>
>>> http://tor.stackexchange.com/questions/11992/how-to-request-the-creation-of-a-new-tor-circuit-in-orbot-with-the-netcipher-lib?noredirect=1#comment12219_11992
>>>
>>>
>>> On 28.06.2016 at 21:20, Sebastian Funke wrote:
>>>> Hi Hans,
>>>>
>>>> thanks for your reply.
>>>> So I built the current source from the git with gradle, got the
>>>> netcipher and netcipher-okhttp3 AARs, everything works, Orbot
>>>> authentication etc, but I ran into a problem when using the resulting
>>>> okhttp client when building it with StrongOkHttpClientBuilder applyTo()
>>>> method...
>>>>
>>>> 1. In my constructor I keep an OrbotHelper instance and its status:
>>>> orbotHelper = OrbotHelper.get(getApplicationContext());
>>>> orbotHelper.addInstallCallback(this);
>>>> orbotHelper.addStatusCallback(this);
>>>> if (!orbotHelper.init()){
>>>>    Intent orbotInstallIntent =
>>>>             orbotHelper.getInstallIntent(getApplicationContext());
>>>>             getApplicationContext().startActivity(orbotInstallIntent);
>>>> }
>>>>
>>>> 2. In my execute method I provide an old okhttp builder and return it
>>>> with the Tor set as HTTP proxy:
>>>> orbotHelper.requestStatus(getApplicationContext());
>>>> if (orbotStatus.equals(OrbotHelper.STATUS_ON)){
>>>> try{
>>>>  StrongOkHttpClientBuilder torBuilder =
>>>>               new StrongOkHttpClientBuilder(getApplicationContext());
>>>>
>>>>  Intent statusIntent = new Intent();
>>>>  statusIntent.putExtra(OrbotHelper.EXTRA_STATUS,OrbotHelper.STATUS_ON);
>>>>
>>>>  torBuilder.withBestProxy();
>>>>
>>>>  return torBuilder.applyTo(oldHtpClientBuilder, statusIntent);
>>>> }
>>>> catch (Exception e){
>>>>  ...
>>>> }
>>>> }
>>>> ...
>>>>
>>>> orbotHelper.requestStatus() results in a NumberFormatException while
>>>> parsing my application's PID:
>>>>
>>>> 06-28 16:13:43.943 11241-12184/com.iota.privacy E/TorServiceUtils:
>>>> unable to parse process pid: 1774 1800 1863 1901 2054 2073 2175 2393
>>>> 2608 2803 2900 11241 16641 25845 26097 26102 26114 26292
>>>>
>>>> java.lang.NumberFormatException: Invalid int: "1774 1800 1863 1901 2054
>>>> 2073 2175 2393 2608 2803 2900 11241 16641 25845 26097 26102 26114 26292"
>>>>
>>>> at java.lang.Integer.invalidInt(Integer.java:138)
>>>>
>>>> at java.lang.Integer.parse(Integer.java:410)
>>>>
>>>> at java.lang.Integer.parseInt(Integer.java:367)
>>>>
>>>> at java.lang.Integer.parseInt(Integer.java:334)
>>>>
>>>> at
>>>> info.guardianproject.netcipher.proxy.TorServiceUtils.findProcessIdWithPidOf(TorServiceUtils.java:146)
>>>>
>>>> at
>>>> info.guardianproject.netcipher.proxy.TorServiceUtils.findProcessId(TorServiceUtils.java:105)
>>>>
>>>> at
>>>> info.guardianproject.netcipher.proxy.OrbotHelper.isOrbotRunning(OrbotHelper.java:161)
>>>>
>>>> at
>>>> info.guardianproject.netcipher.proxy.OrbotHelper.requestStatus(OrbotHelper.java:295)
>>>>
>>>> But this is not a problem, since the Orbot status is already: ON
>>>>
>>>> When I then try to send an HTTP POST with this okhttp client I get the
>>>> following exception from Polipo:
>>>>
>>>> <h1>504 Connect to 10.67.213.61:80 failed: General SOCKS server failure</h1>
>>>> <p>The following error occurred while trying to access
>>>> <strong>http://10.67.213.61/api/papi</strong>:<br><br>
>>>> <strong>504 Connect to 10.67.213.61:80 failed: General SOCKS server
>>>> failure</strong></p>
>>>> <hr>Generated Tue, 28 Jun 2016 16:34:50 GMT by Polipo on
>>>> <em>127.0.0.1:8118</em>.
>>>>
>>>> The Orbot log shows at the time of sending the following:
>>>> WARN: Rejecting SOCKS request for anonymous connection to private
>>>> address [scrubbed]
>>>>
>>>> So apparently it is connected and my okhttp client tries to send a POST
>>>> to http://10.67.213.61/api/papi over 127.0.0.1:8118...but it gets
>>>> rejected for some reason...
>>>> I don't use HTTPS right now...because I'm still in the testing
>>>> phase...could this be a reason?
>>>>
>>>> It would be very nice, if you have an idea, what could be the
>>>> problem...unfortunately I can't provide you access to my repository,
>>>> because it's a university/company internal git.
>>>>
>>>> Greetings,
>>>> Sebastian
>>>>
>>>> On 27.06.2016 at 10:33, Hans-Christoph Steiner wrote:
>>>>>
>>>>> Hey Sebastian,
>>>>>
>>>>> The OkHttp stuff is only in git right now because it has not been
>>>>> released yet.  I'll try to make an alpha release today.  We'd love your
>>>>> feedback on this since it's all new.
>>>>>
>>>>> .hc
>>>>>
>>>>> Sebastian Funke:
>>>>>> Hi,
>>>>>>
>>>>>> I want to use the Netcipher library, more specifically the
>>>>>> StrongOkHttpClientBuilder, to configure my app's okhttp client with the
>>>>>> Tor proxy.
>>>>>>
>>>>>> The library I download with gradle:
>>>>>> compile 'info.guardianproject.netcipher:netcipher:1.2.1'
>>>>>>
>>>>>> Now, I have several questions/problems:
>>>>>>
>>>>>> 1. Is there a "gradle-ready" package for libnetcipher-okhttp3?
>>>>>> StrongOkHttpClientBuilder is not included in netcipher:1.2.
>>>>>> (When I just download the StrongOkHttpClientBuilder from
>>>>>> libnetcipher-okhttp3, the stuff provided by netcipher:1.2 seems not
>>>>>> complete...)
>>>>>>
>>>>>> 2. I can't find the OrbotHelper.get(cxt).init() function in
>>>>>> netcipher:1.2 that is used in the okhttp sample's Application. What is
>>>>>> the recommended way of using Orbot unattended then?
>>>>>> By unattended I mean, I would like to initialize and use Orbot without
>>>>>> user interactions (except if Orbot is not installed)...
>>>>>>
>>>>>> I wish there could be some usage and getting started tutorial that is
>>>>>> actually working...
>>>>>> (I tried also asking in IRC without reaction there....)
>>>>>>
>>>>>> Thank you in advance for your help!
>>>>>>
>>>>>> Greetings,
>>>>>> Sebastian
>>>>>>
>>>>>

-- 
PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
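
The NumberFormatException quoted in the thread arises because the whole multi-PID output line reaches Integer.parseInt, and the path problem arises because the lookup expects a /data/data prefix. As an added example (not NetCipher's or Orbot's code; the class and method names are hypothetical), plain Java that parses such output token by token and matches the Tor binary by its package-relative suffix:

```java
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper, not part of NetCipher or Orbot.
public class PidOutputParser {

    // A pidof-style lookup can print several whitespace-separated PIDs on one line.
    // Parse each token on its own so one odd token cannot fail the whole lookup.
    static List<Integer> parsePids(String output) {
        List<Integer> pids = new ArrayList<>();
        if (output == null) {
            return pids;
        }
        for (String token : output.trim().split("\\s+")) {
            if (token.isEmpty()) {
                continue; // empty output yields one empty token
            }
            try {
                int pid = Integer.parseInt(token);
                if (pid > 0) {
                    pids.add(pid);
                }
            } catch (NumberFormatException e) {
                // Not a decimal PID (header text, error message): skip it.
            }
        }
        return pids;
    }

    // Compare only the package-relative suffix, so both
    // /data/data/<pkg>/app_bin/tor and /data/user/0/<pkg>/app_bin/tor match.
    static boolean isOrbotTorBinary(String commandPath, String packageName) {
        return commandPath != null
                && commandPath.endsWith("/" + packageName + "/app_bin/tor");
    }

    public static void main(String[] args) {
        // Output line taken from the error log quoted in the thread.
        String logged = "1774 1800 1863 1901 2054 2073 2175 2393 2608 2803 "
                + "2900 11241 16641 25845 26097 26102 26114 26292";
        System.out.println(parsePids(logged).size() + " PIDs parsed");
        System.out.println(parsePids("").isEmpty());

        String pkg = "org.torproject.android";
        System.out.println(isOrbotTorBinary("/data/user/0/" + pkg + "/app_bin/tor", pkg));
        System.out.println(isOrbotTorBinary("/data/data/" + pkg + "/app_bin/tor", pkg));
        System.out.println(isOrbotTorBinary("/data/data/com.example.other/app_bin/tor", pkg));
    }
}
```

A non-empty PID list only says that some matching process exists; as noted in the thread, whether Orbot is installed is better answered through the Android package manager API.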

